Preface
Depending on your organization’s security policies, you might require to identify and authorize users before giving them access to resources, such as Red Hat Developer Hub.
In Developer Hub, authentication and authorization are two separate processes:
- Authentication defines the user identity, and passes on this information to Developer Hub. Read the following chapters to configure authentication in Developer Hub.
- Authorization defines what the authenticated identity can access or do in Developer Hub. See Authorization.
To explore Developer Hub features, you can enable the guest user to skip configuring authentication and authorization, log in as the guest user, and access all the features.
The authentication system in Developer Hub is handled by external authentication providers.
Developer Hub supports following authentication providers:
- Red Hat Single-Sign On (RHSSO)
- GitHub
- Microsoft Azure
To identify users in Developer Hub, configure:
- One (and only one) authentication provider for sign-in and identification.
- Optionally, additional authentication providers for identification, to add more information to the user identity, or enable access to additional external resources.
For each authentication provider, set up the shared secret that the authentication provider and Developer Hub require to communicate, first in the authentication provider, then in Developer Hub.
Developer Hub stores user identity information in the Developer Hub software catalog.
To explore the authentication system and use Developer Hub without authorization policies, you can bypass the Developer Hub software catalog and start using Developer Hub without provisioning the Developer Hub software catalog.
To get, store, and update additional user information, such as group or team ownership, with the intention to use this data to define authorization policies, provision users and groups in the Developer Hub software catalog.
Developer Hub uses a one-way synchronization system to provision users and groups from your authentication system to the Developer Hub software catalog. Therefore, deleting users and groups by using Developer Hub Web UI or REST API might have unintended consequences.